Voorhees ‘Confident’ Ex-Team Member Involved

Posting an update on ShapeShift’s homepage, which has been offline since the breach was discovered on April 7, Voorhees wrote:

Since the investigation into the ShapeShift hack last week started, we had suspicion that someone previously on the team was involved, and that this person assisted an outside hacker. We are confident now that is is indeed the case.

Erik Voorhees

Voorhees reiterated that no customer funds were at risk, and those who had pending trades at the time of the shutdown are urged to contact ShapeShift in order to secure their funds.

In the update, he added that “evidence continues to be revealed”, and that his team was working with a forensic specialist from LedgerLabs to determine exactly what had happened.

ShapeShift has scrapped its previous server infrastructure and is now rebuilding its entire system from scratch – an extra-mile safety approach seen as necessary for a more trustworthy service. So far, details regarding the scale of the hack and what exactly was stolen remain unavailable. It is also uncertain exactly when ShapeShift will be back online and available for trading.

Bitcoin.com contacted Voorhees for additional comment, but had not received a reply at publication time. He promised to release a more detailed post-mortem after the investigation is complete, adding:

Our team continues to revise and rebuild infrastructure, hardening not only prior vulnerabilities, but future potential attack vectors. It has been inspiring to see anti-fragility in action as ShapeShift gets stronger.

Shapeshift’s exchange, which offers near-instant exchange between numerous cryptocurrencies without the need for registration or customer accounts, has proved popular with users. It does not hold customer balances, meaning only funds from the company’s own hot wallets were at risk of loss.

Security at the Forefront

Prices of most cryptocurrencies other than bitcoin took a dive earlier this week, a move that some have attributed to ShapeShift’s troubles.

Internal security controls are proving as much of a headache for bitcoin exchanges as external threats. A technically skilled, highly-mobile and mostly contract-based workforce – along with law enforcement that lacks the necessary abilities to investigate, and a grey legal environment – makes companies in the cryptocurrency industry particularly vulnerable to heists.

Most, however, have preferred not to speculate openly about the nature of hack attacks. The most notorious example of an alleged “inside job” was also the largest – Tokyo’s Mt Gox, which lost at least 650,000 bitcoins from its storage wallets.

Japanese authorities investigating the case have stated their belief that Mt Gox’s funds were stolen with the cooperation of a former employee, although CEO Mark Karpeles initially maintained the attack came from unknown external sources.

Do you think the hack will make ShapeShift’s security stronger? Let us know in the comments sections below!

The Chicago Mercantile Exchange (CME Group) has seen a big spike in bitcoin futures volumes according to an internal investors… read more.

Jon Southurst

Jon Southurst has been interested in bitcoin since reading Neal Stephenson's 'Cryptonomicon' in 2012. A long-time tech writer, he has been a regular contributor at CoinDesk and has written for Kaiko.com, DeepDotWeb and ancient print publications. He lives on an artificial island in Tokyo.

In Case You Missed It

Meet Memopay, the Bitcoin Cash Advertising Model That ‘Pays for Attention’. There’s a different kind of advertising taking place on the Bitcoin Cash (BCH) network, using an application called Memopay… read more.

The Bitcoin.com Wallet: Available on all platforms

Download the Bitcoin.com Wallet right to your device for easy and secure access to your bitcoins. Perfect for beginners, the Bitcoin.com Wallet makes using and holding bitcoins easy. No logins required.